Pwning OWASP’s Juice Shop Pt. 15: Meta Geo Stalking + Weird Crypto

Challenge 1: 

Name: Meta Geo Stalking

Description: Determine the answer to John’s security question by looking at an upload of him to the Photo Wall and use it to reset his password via the Forgot Password mechanism.

Difficulty: 2 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Challenge 2: 

Name: Weird Crypto

Description: Inform the shop about an algorithm or library it should definitely not use the way it does.

Difficulty: 2 star

Category: Cryptographic Issues

Expanded Description: https://pwning.owasp-juice.shop/part2/cryptographic-issues.html


Pwning OWASP’s Juice Shop Pt. 12: DOM XSS + Bonus Payload

Challenge 1: 

Name: DOM XSS + Bonus Payload

Description: Perform a DOM XSS attack with <iframe src="javascript:alert(`xss`)">.

Difficulty: 1 star

Category: XSS

Expanded Description: https://pwning.owasp-juice.shop/part2/xss.html

Challenge 2:

Name: Bonus Payload

Description: Use the bonus payload   in the DOM XSS challenge.

Difficulty: 1 star

Category: XSS

Expanded Description: https://pwning.owasp-juice.shop/part2/xss.html
